In response to a growing number of attacks against computer systems, owners and operators of such systems may introduce various security policies specifying requirements to configuration and operational aspects of computer systems. Examples of security policy requirements include configuration of anti-virus programs, firewall rules, anti-spam filter configuration, password strength rules, password maintenance rules, etc.